what's a microkernel?


a definition


the near-minimum amount of software that can
provide the mechanisms needed to implement an
operating system (OS).
— https://en.wikipedia.org/wiki/Microkernel


what does that mean, really?

[figure: microkernel (from Wikipedia, public domain)]

who cares?


do you trust your kernel? are you sure it:

> doesn't crash, overrun buffers, write to random memory
> doesn't leak information to untrusted processes
> enforces full isolation between processes
> ensures the highest-priority process is the one that's running
a modern microkernel, 9k lines of formally verified C:

> proven not to overrun buffers or invoke undefined behavior
> proven to enforce isolation between processes
> proven to not access the wrong memory


cost of formal verification 


optimistic cost estimate: 


> over $1 trillion to write a formally verified Linux kernel 
> that’s 10% of the US GDP 


> (but it’s only 3x the SLOCCount estimate) 
Genode: portable userspace for microkernels


microkernel => no drivers in kernel 


where do you get device drivers from? 


> every research microkernel writes their own drivers


“Genode” project:

> drivers portable to 8+ microkernels
> x86 and ARM
> basic framebuffer and input drivers
> sound, block, network, usb, uart
> filesystems: FAT32, ext2, etc.
> POSIX-ish libc, Qt, and other porting aids for userspace
> VMs (in VirtualBox or Seoul) alongside native components


ready for prime-time? 


some brave souls now run Genode with a Linux VM as their primary desktop (!)


microkernel-friendly graphics architecture

[figure: microkernel-friendly graphics architecture (labels: Kernel | DRM; CPU, registers, caches, main memory)]


straw-man microkernel graphics architecture

[figure: straw-man microkernel graphics architecture (labels: DAC; Kernel | DRM; CPU, registers, caches, main memory)]


Mesa and i915 on Genode

> original work by Norman Feske of Genode Labs in 2010
> “proof of concept”:
  wrap Linux i915 driver in compatibility glue
  shove i915 in the GL client's address space
  give GL client direct hardware access
  not quite what anyone wants, but proves the concept
> no Mesa changes needed
> clear path to a real graphics architecture


questions?

http://galois.com
> jamey@galois.com
> @jamey_sharp

http://genode.org


